Mozilla Firefox update includes repair for critical memory safety bugs

News by Bradley Barth

The Mozilla Foundation on Wednesday issued updates for the classic Firefox web browser and its Extended Support Release, in the process fixing nine vulnerabilities, one deemed critical.

Six of the nine errors were discovered in both Firefox and Firefox ESR, while the remainder were located only in the former.

The most serious flaw, designated CVE-2018-12376, is a collection of memory safety bugs found in Firefox 61 and Firefox ESR 60.1. "Some of these bugs showed evidence of memory corruption and we presume that with enough effort that some of these could be exploited to run arbitrary code," states a pair of Mozilla security advisories announcing the release of Firefox 62 and Firefox ESR 60.2.

Three of the flaws are considered high severity, two of which (CVE-2018-12377, CVE-2018-12378) are use-after-free vulnerabilities found in both Firefox versions, potentially resulting in exploitable crashes. A third, CVE-2018-12375, consists of a series of memory safety bugs found only in the classic Firefox browser.

The moderate- and low-severity bugs are an out-of-bounds write, a proxy bypass, a potentially malicious page navigation technique, an address bar spoofing technique, and a failure to delete old unencrypted passwords following the introduction of a master password.
